Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Vista Home Premium user account access to thumbdrives & printers

microsoft.public.windows.vista.security






Speedup My PC
Reply
  #1 (permalink)  
Old 09-21-2009
 

Join Date: Sep 2009
Posts: 2
bigteks is on a distinguished road
Thanks: 0
Thanked 0 Times in 0 Posts
Vista Home Premium user account access to thumbdrives & printers
Hi, I have two highschool daughters with laptops they use at school running Vista Home Premium. I have them running on user accounts and I don't want them to have the admin password because if they know what it is they will simply start typing it in all the time, which defeats the whole purpose of running as a user account.

There are only two things they need to do that Vista Home Premium UAC doesn't seem to allow without the admin password - connect thumbdrives and connect printers. They need to do both of these things at school.

Is there any way to disable the admin account security only on these two tasks?

Also I can easily upgrade to Windows 7 Ultimate. If Vista Home Premium can't do it, would upgrading to W7 Ultimate enable me to potentially resolve this security problem?

Thumbdrives are the new CD/DVD so it seems really shortsighted not to have a CD/DVD-style security model for them.
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 09-21-2009
Malke
 

Posts: n/a
Re: Vista Home Premium user account access to thumbdrives & printers
bigteks wrote:

>
> Hi, I have two highschool daughters with laptops they use at school
> running Vista Home Premium. I have them running on user accounts and I
> don't want them to have the admin password because if they know what it
> is they will simply start typing it in all the time, which defeats the
> whole purpose of running as a user account.
>
> There are only two things they need to do that Vista Home Premium UAC
> doesn't seem to allow without the admin password - connect thumbdrives
> and connect printers. They need to do both of these things at school.
>
> Is there any way to disable the admin account security only on these
> two tasks?
>
> Also I can easily upgrade to Windows 7 Ultimate. If Vista Home Premium
> can't do it, would upgrading to W7 Ultimate enable me to potentially
> resolve this security problem?
>
> Thumbdrives are the new CD/DVD so it seems really shortsighted not to
> have a CD/DVD-style security model for them.


There is no problem using a USB thumb drive from a Standard account. There
is also no problem using a printer on another network like the School's if
that printer has already been installed. There must be another issue in play
here but without more information, I can't address it. Give us some more
details to go forward with troubleshooting.

*All* user accounts that are used for daily work should be Standard users,
including yours. Create an administrative user called "CompAdmin" or "Tech"
or the like and then log into it. Change your user type to Standard and then
log into your account. "CompAdmin" will only be used for elevation and
emergencies.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

Reply With Quote
  #3 (permalink)  
Old 09-21-2009
Gordon
 

Posts: n/a
Re: Vista Home Premium user account access to thumbdrives & printers

"Malke" <malke@invalid.invalid> wrote in message
news:ewzv$wsOKHA.1280@TK2MSFTNGP04.phx.gbl...
>
> There is no problem using a USB thumb drive from a Standard account.


But there might be if a Policy is in force on the domain. I've been in
organisations where a Group Policy disallowed thumbdrives and/or CDR/RW
disks....



Reply With Quote
  #4 (permalink)  
Old 09-21-2009
Malke
 

Posts: n/a
Re: Vista Home Premium user account access to thumbdrives & printers
Gordon wrote:

>
> "Malke" <malke@invalid.invalid> wrote in message
> news:ewzv$wsOKHA.1280@TK2MSFTNGP04.phx.gbl...
>>
>> There is no problem using a USB thumb drive from a Standard account.

>
> But there might be if a Policy is in force on the domain. I've been in
> organisations where a Group Policy disallowed thumbdrives and/or CDR/RW
> disks....


Which is one of the numerous reasons I already said we needed more
information to give focused help.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

Reply With Quote
  #5 (permalink)  
Old 09-21-2009
Zaphod Beeblebrox
 

Posts: n/a
Re: Vista Home Premium user account access to thumbdrives & printers

"Malke" <malke@invalid.invalid> wrote in message
news:ewzv$wsOKHA.1280@TK2MSFTNGP04.phx.gbl...
>
> bigteks wrote:
>
>>
>> Hi, I have two highschool daughters with laptops they use at school
>> running Vista Home Premium. I have them running on user accounts
>> and I
>> don't want them to have the admin password because if they know
>> what it
>> is they will simply start typing it in all the time, which defeats
>> the
>> whole purpose of running as a user account.
>>
>> There are only two things they need to do that Vista Home Premium
>> UAC
>> doesn't seem to allow without the admin password - connect
>> thumbdrives
>> and connect printers. They need to do both of these things at
>> school.
>>
>> Is there any way to disable the admin account security only on
>> these
>> two tasks?
>>
>> Also I can easily upgrade to Windows 7 Ultimate. If Vista Home
>> Premium
>> can't do it, would upgrading to W7 Ultimate enable me to
>> potentially
>> resolve this security problem?
>>
>> Thumbdrives are the new CD/DVD so it seems really shortsighted not
>> to
>> have a CD/DVD-style security model for them.

>
> There is no problem using a USB thumb drive from a Standard account.
> There
> is also no problem using a printer on another network like the
> School's if
> that printer has already been installed. There must be another issue
> in play
> here but without more information, I can't address it. Give us some
> more
> details to go forward with troubleshooting.
>
> *All* user accounts that are used for daily work should be Standard
> users,
> including yours. Create an administrative user called "CompAdmin" or
> "Tech"
> or the like and then log into it. Change your user type to Standard
> and then
> log into your account. "CompAdmin" will only be used for elevation
> and
> emergencies.
>


I agree about the USB thumb drives - I've never needed administrator
privileges to use USB drives, so something else is at work here.

As to the printers, if they need to install new printers (not an
unusual thing to need to do when taking the computer to a new
environment), they are prevented from installing new drivers if they
do not have administrator privileges.

Fortunately, this can be changed by setting a group policy that allows
signed drivers of a particular driver class to be installed by
non-administrators. To do this, launch Group Policy Editor
(gpedit.msc), and under Local Computer Policy navigate to Computer
Configuration, Administrative Templates, System, Driver Installation.
Double-click "Allow non-administrators to install drivers for these
device setup classes," and set the policy to Enabled. Click the Show
button to enter the device classes. Click Add and enter a value of
{4d36e979-e325-11ce-bfc1-08002be10318} and click OK. Click OK to all
dialog boxes, then close the group policy editor.

For Home versions of Vista, you have to edit the registry since they
don't include the group policy editor. Save the following as a .reg
file and merge it (requires administrator permissions, of course).
Lines that do not start with two spaces have been line wrapped and
will need to be re-assembled:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\DriverInstall\Restrictions\AllowUserDeviceCla sses]
"1"="{4d36e979-e325-11ce-bfc1-08002be10318}"

Both approaches can be used for other device classes, see
http://msdn2.microsoft.com/en-us/library/ms791134.aspx for a list.

Remember, this only works for signed drivers. Also, the drivers need
to be extracted to a location you have access to - that is, the .inf
and other required files need to be stored somewhere, and you won't be
able to run an exe file to extract or install them on the Vista PC
since that requires administrator privileges as well...

--
Zaphod

Arthur Dent, speaking to Trillian about Zaphod:
"So, two heads is what does it for a girl?"
"...Anything else he's got two of?"


Reply With Quote
  #6 (permalink)  
Old 09-21-2009
 

Join Date: Sep 2009
Posts: 2
bigteks is on a distinguished road
Thanks: 0
Thanked 0 Times in 0 Posts
Re: Vista Home Premium user account access to thumbdrives & printers
You guys are right about the thumbdrive - I checked it and it has an autorun program on it that was kicking in the UAC.

Thanks for the registry tip on printer drivers - that will help.

Quote:
Originally Posted by Zaphod Beeblebrox View Post
"Malke" wrote in message
news:ewzv$wsOKHA.1280@TK2MSFTNGP04.phx.gbl...
>
> bigteks wrote:
>
>>
>> Hi, I have two highschool daughters with laptops they use at school
>> running Vista Home Premium. I have them running on user accounts
>> and I
>> don't want them to have the admin password because if they know
>> what it
>> is they will simply start typing it in all the time, which defeats
>> the
>> whole purpose of running as a user account.
>>
>> There are only two things they need to do that Vista Home Premium
>> UAC
>> doesn't seem to allow without the admin password - connect
>> thumbdrives
>> and connect printers. They need to do both of these things at
>> school.
>>
>> Is there any way to disable the admin account security only on
>> these
>> two tasks?
>>
>> Also I can easily upgrade to Windows 7 Ultimate. If Vista Home
>> Premium
>> can't do it, would upgrading to W7 Ultimate enable me to
>> potentially
>> resolve this security problem?
>>
>> Thumbdrives are the new CD/DVD so it seems really shortsighted not
>> to
>> have a CD/DVD-style security model for them.

>
> There is no problem using a USB thumb drive from a Standard account.
> There
> is also no problem using a printer on another network like the
> School's if
> that printer has already been installed. There must be another issue
> in play
> here but without more information, I can't address it. Give us some
> more
> details to go forward with troubleshooting.
>
> *All* user accounts that are used for daily work should be Standard
> users,
> including yours. Create an administrative user called "CompAdmin" or
> "Tech"
> or the like and then log into it. Change your user type to Standard
> and then
> log into your account. "CompAdmin" will only be used for elevation
> and
> emergencies.
>


I agree about the USB thumb drives - I've never needed administrator
privileges to use USB drives, so something else is at work here.

As to the printers, if they need to install new printers (not an
unusual thing to need to do when taking the computer to a new
environment), they are prevented from installing new drivers if they
do not have administrator privileges.

Fortunately, this can be changed by setting a group policy that allows
signed drivers of a particular driver class to be installed by
non-administrators. To do this, launch Group Policy Editor
(gpedit.msc), and under Local Computer Policy navigate to Computer
Configuration, Administrative Templates, System, Driver Installation.
Double-click "Allow non-administrators to install drivers for these
device setup classes," and set the policy to Enabled. Click the Show
button to enter the device classes. Click Add and enter a value of
{4d36e979-e325-11ce-bfc1-08002be10318} and click OK. Click OK to all
dialog boxes, then close the group policy editor.

For Home versions of Vista, you have to edit the registry since they
don't include the group policy editor. Save the following as a .reg
file and merge it (requires administrator permissions, of course).
Lines that do not start with two spaces have been line wrapped and
will need to be re-assembled:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\DriverInstall\Restrictions\AllowUserDeviceCla sses]
"1"="{4d36e979-e325-11ce-bfc1-08002be10318}"

Both approaches can be used for other device classes, see
System-Supplied Device Setup Classes for a list.

Remember, this only works for signed drivers. Also, the drivers need
to be extracted to a location you have access to - that is, the .inf
and other required files need to be stored somewhere, and you won't be
able to run an exe file to extract or install them on the Vista PC
since that requires administrator privileges as well...

--
Zaphod

Arthur Dent, speaking to Trillian about Zaphod:
"So, two heads is what does it for a girl?"
"...Anything else he's got two of?"
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Vista Home Premium: New user account failing to load user profile Metajoe microsoft.public.windows.vista.administration accounts passwords 12 01-07-2009 20:08
Disable User Account Control just for admin profile? Vista Home Premium Tuttle microsoft.public.windows.vista.general 7 06-12-2008 04:02
Re: User Account Controls (Vista Home Premium) HGill microsoft.public.windows.vista.installation setup 0 12-13-2007 04:40
USER ACCOUNT VISTA HOME PREMIUM wboquet microsoft.public.windows.vista.administration accounts passwords 3 08-08-2007 17:48




All times are GMT +1. The time now is 10:23.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120